Skip to main content
Log inGet a demo

Platform Privacy Notice

Last Updated: June 14, 2024

This Platform Privacy Notice (“Notice”) describes the privacy practices of Carry Technologies, Inc. dba Hightouch and our subsidiaries and affiliates (collectively, “Hightouch”, “we”, “us”, or “our”) in relation to our Match Booster platform and relates services, which allow our customers to enrich first-party data with data obtained from trusted third-party data providers (together, “Platform”). If you are interested in our corporate and website privacy policy, click here.

Hightouch is typically a processor or service provider on behalf of our customers in connection with personal information we receive from our customers for audience enrichment purposes. Our obligations with respect to this personal information are defined in our agreements with our customers and are not covered by this Notice. Hightouch acts as a controller or business in relation to personal information we obtain from third-party data providers that we store in our systems to improve our matching process and for related internal purposes, and this Notice applies to such processing activity.

1. Personal Information We Collect

We may obtain personal information about you from third-party providers of information used to target, optimize or measure advertising campaigns. This information includes email addresses, phone numbers, device identifiers, and cookie identifiers, along with information about consumer interests, demographics, and behaviors. We only work with trusted partners who commit to comply with applicable data protection laws. We match this data with consumer data we obtain from our customers and make it available to a specific customer to help improve its advertising initiatives.

2. How We Use Personal Information

Enrichment of customer data and Platform improvement. It is in our legitimate business interest to store personal information we obtained from third party data providers to provide an enriched dataset to customers, to improve the Platform and develop new features and services.

Compliance and protection. It is in our legitimate business interest to use your personal information as we believe necessary or appropriate to (a) comply with applicable law; (b) enforce the terms and conditions that govern the services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

3. How We Share Personal Information

We may share personal information with the following parties and as otherwise described in this Notice or at the time of collection:

  • Customers who use the Platform to obtain your enriched personal information. Customers may then use your personal information in accordance with their privacy policies, including for purposes of targeted advertising or to engage in sales or sharing of personal information under applicable privacy laws. Please see “Privacy Rights and Choices” below to learn how to express a choice related to these activities.

  • Affiliates. Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Notice.

  • Service providers. Companies and individuals that provide services on our behalf or help us operate the Services or our business (such as hosting, information technology, analytics services).

  • Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

  • Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

  • Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Hightouch or our affiliates (including, in connection with a bankruptcy or similar proceedings).

4. Privacy Rights And Choices

Personal information requests. We offer you choices that affect how we handle the personal information that we control. Depending on your location, you may request the following in relation to personal information:

  • Information about how we have collected and used personal information. We have made this information available to you without having to request it by including it in this Notice.

  • Access to a copy of the personal information that we maintain about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.

  • Correction of personal information that is inaccurate or out of date.

  • Deletion of personal information that we no longer need to provide our services or for other lawful purposes.

  • Opt out of the sale or sharing of personal information. To opt out of the sale or sharing of your personal information, you can visit the “Privacy Choices” link in the footer of our website.

  • Additional rights, such as to object to and request that we restrict our use of personal information.

To make a request, please email us or write to us as provided in the “How to Contact Us” section below or use our webform. We may ask for specific information from you to help us confirm your identity. Depending on where you reside, you may be entitled to empower an “authorized agent” to submit requests on your behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.

Limits on your privacy rights and choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the “How to Contact Us” section below.

Right to complain. Depending on where you reside, such as if you reside in the European Economic Area or United Kingdom, you may have the right to complain to a data protection regulator where you live or work, or where you feel a violation has occurred. Click here to find your local supervisory authority.

5. Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of your personal information.

6. International Data Transfer

We may transfer personal information to our affiliates and service providers in the United States and other jurisdictions. Please note that such jurisdictions may not provide the same protections as the data protection laws in your home country.

When we engage in cross-border data transfers, we will ensure that relevant safeguards are in place to afford adequate protection for personal information and we will comply with applicable data protection laws, in particular by relying on an EU Commission or UK government adequacy decision or on contractual protections for the transfer of personal information or on the Data Privacy Framework (for more information about the Data Privacy Framework, please see the “Data Privacy Framework” section below).

For more information about how we transfer personal information internationally, please contact us as set out in the “How to Contact Us” section below.

Data Privacy Framework

Carry Technologies, Inc., dba Hightouch, complies with the EU-US Data Privacy Framework (“EU-U.S. DPF”) and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce (collectively, “Data Privacy Framework”). Hightouch has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Hightouch has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework, and to view our certification, please visit www.dataprivacyframework.gov.

Hightouch may be liable under the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles in cases of onward transfers to third parties.

Hightouch commits to resolve complaints about our processing of your personal data. If you have inquiries or complaint, please contact us at datadeletion@hightouch.com.

In compliance with the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, we commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF to VeraSafe, an alternative dispute resolution provider based in the US and the EU. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.verasafe.com/public-resources/dispute-resolution/submit-dispute for more information or to file a complaint. The services of VeraSafe are provided at no cost to you.

In compliance with the EU-U.S. DPF, we commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF in the context of the employment relationship.

If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Data Privacy Framework Panel. For more information on this option, please see Annex I of the Data Privacy Framework Principles at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

Hightouch may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Hightouch is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

7. Retention Of Personal Information

Where required under applicable laws, we retain personal information only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws and regulatory obligations or until you withdraw your consent (where applicable).

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we use personal information and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.

8. Changes To This Notice

We reserve the right to modify this Notice at any time. We will post the update Notice on the website. If we make material changes to this Notice, we will let you know.

9. How To Contact Us

Responsible entity. Carry Technologies, Inc. dba Hightouch is the entity responsible for the processing of personal information under this Notice (as a controller or business, where provided under applicable law).

Contact us. If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, please contact us by email at datadeletion@hightouch.com or by writing to us at:

2261 Market Street #5225, San Francisco, CA 94114, United States.

EEA and UK Representative Contact Information. For individuals in the EEA and the UK, we have appointed:

  • VeraSafe Ireland Ltd as our EEA data representative, which you can contact by email at article27@verasafe.com, or by post at Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork, T23AT2P, Ireland; and

  • VeraSafe United Kingdom Ltd as our UK representative, which you can contact by email at article27@verasafe.com, or by post at 37 Albert Embankment, London SE1 7TL, United Kingdom.